Zitadel 5.2.2

There is a newer version of this package available.
See the version list below for details.
dotnet add package Zitadel --version 5.2.2                
NuGet\Install-Package Zitadel -Version 5.2.2                
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Zitadel" Version="5.2.2" />                
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Zitadel --version 5.2.2                
#r "nuget: Zitadel, 5.2.2"                
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
// Install Zitadel as a Cake Addin
#addin nuget:?package=Zitadel&version=5.2.2

// Install Zitadel as a Cake Tool
#tool nuget:?package=Zitadel&version=5.2.2                

ZITADEL

The ZITADEL.net library is a collection of tools for building web applications. It supports easy access to the ZITADEL API as well as authentication handlers for .NET web applications and web APIs.

Credentials

There are three credentials that help with the access to ZITADEL:

  • "Application": used in web APIs to authenticate the relying party
  • "BasicAuthentication": creating normal basic auth credentials
  • "ServiceAccount": loads a service account json and authenticates against ZITADEL

The application supports creating a signed JWT token on behalf of the application:

var application = Application.LoadFromJsonString(
@"{
  ""type"": ""application"",
  ""keyId"": ""keyid"",
  ""key"": ""RSA KEY"",
  ""appId"": ""appid"",
  ""clientId"": ""client id""
}");
var jwt = await application.GetSignedJwtAsync("issuer");

The service account allows you to load a service account json and authenticate against ZITADEL to fetch a valid access token:

var serviceAccount = ServiceAccount.LoadFromJsonString(
    @"
{
  ""type"": ""serviceaccount"",
  ""keyId"": ""key id"",
  ""key"": ""RSA KEY"",
  ""userId"": ""user id""
}");
var token = await serviceAccount.AuthenticateAsync();

Accessing the ZITADEL API

ZITADEL.gRPC provides the compiled proto files. The ZITADEL library provides helper functions to create the three types of "clients":

  • AuthClient
  • AdminClient
  • ManagementClient

The ZITADEL docs describe the gRPC calls and how to use them.

As an example, one may use the AuthClient to fetch the user information.

With a personal access token of a service account

const string apiUrl = "https://zitadel-libraries-l8boqa.zitadel.cloud";
const string personalAccessToken = "TOKEN";
var client = Clients.AuthService(new(apiUrl, ITokenProvider.Static(personalAccessToken)));
var result = await client.GetMyUserAsync(new());
Console.WriteLine($"User: {result.User}");

With a service account JWT profile

const string apiProject = "PROJECT ID";
var serviceAccount = ServiceAccount.LoadFromJsonString(
@"{
  ""type"": ""serviceaccount"",
  ""keyId"": ""key id"",
  ""key"": ""RSA KEY"",
  ""userId"": ""user id""
}");
client = Clients.AuthService(
    new(
        apiUrl,
        ITokenProvider.ServiceAccount(
            apiUrl,
            serviceAccount,
            new(){ ApiAccess = true })));
result = await client.GetMyUserAsync(new());
Console.WriteLine($"User: {result.User}");

Authentication in Web Apps

To authenticate ASP.NET web applications, use the AddZitadel() extension method on the IAuthenticationBuilder. You will need an application on a ZITADEL instance and a client ID.

// -- snip --
builder.Services
    .AddAuthorization()
    .AddAuthentication(ZitadelDefaults.AuthenticationScheme)
    .AddZitadel(
        o =>
        {
            o.Authority = "https://zitadel-libraries-l8boqa.zitadel.cloud/";
            o.ClientId = "170088295403946241@library";
            o.SignInScheme = IdentityConstants.ExternalScheme;
        })
    .AddExternalCookie()
    .Configure(
        o =>
        {
            o.Cookie.HttpOnly = true;
            o.Cookie.IsEssential = true;
            o.Cookie.SameSite = SameSiteMode.None;
            o.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        });
// -- snip --

The example above allows an ASP.NET web application to authenticate against ZITADEL and use the external cookie scheme to store the access token in a secure cookie.

Authentication in Web APIs

Authenticating web APIs is similar to authenticating web apps. In contrast to a web application, the web API cannot hold a user session with an external application cookie. Instead, web APIs use the introspection endpoint of ZITADEL to fetch information about the presented access token (be it JWT or opaque token). The authentication mechanism is based on the OAuth2Introspection package of "IdentityModel".

In ZITADEL you may use two different authentication methods:

  • Basic Auth
  • JWT Profile

With basic auth, you need to use client_id and client_secret, and with JWT profile, a special json is generated for you, that is required to authenticate the web API against ZITADEL.

builder.Services
    .AddAuthorization()
    .AddAuthentication()
    .AddZitadelIntrospection(
        o =>
        {
            o.Authority = "https://zitadel-libraries-l8boqa.zitadel.cloud/";
            o.ClientId = "170102032621961473@library";
            o.ClientSecret = "KNkKW8nx3rlEKOeHNUcPx80tZTP1uZTjJESfdA3kMEK7urhX3ChFukTMQrtjvG70";
        });

The code above uses basic authentication. You need to be sure that your API application in ZITADEL is configured to use basic authentication.

Below, a JWT profile (application credential) is used to authenticate the web API. Note that the client id is no longer required. Using JWT profile is the recommended way to authenticate web APIs.

builder.Services
    .AddAuthorization()
    .AddAuthentication()
    .AddZitadelIntrospection(
        o =>
        {
            o.Authority = "https://zitadel-libraries-l8boqa.zitadel.cloud";
            o.JwtProfile = Application.LoadFromJsonString("YOUR APPLICATION JSON");
        });

Caching

The OAuth2Introspection supports caching of the access token for a configured amount of time. This reduces the load on the issuer and allows faster requests for the same token. To enable caching, you need to configure caching in the options of AddZitadelIntrospection and add an implementation of IDistributedCache.

Faking / Mocking local Authentication

To enable local development or testing without a real world ZITADEL instance, you may use the mocked authentication. It simply adds all provided claims to the constructed identity and lets all calls pass as "authenticated".

You may send a request with two special headers to overwrite the behaviour per request:

  • x-zitadel-fake-auth: If this header is set to "false", the request will return as "unauthenticated"
  • x-zitadel-fake-user-id: If this header is set, the value of the header will be user as user ID.

To enable the fake authentication, simply use the AddZitadelFake extension method:

builder.Services
    .AddAuthorization()
    .AddAuthentication()
    .AddZitadelFake(o =>
        {
            o.FakeZitadelId = "1337";
        });
Product Compatible and additional computed target framework versions.
.NET net6.0 is compatible.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 is compatible.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 was computed.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (1)

Showing the top 1 NuGet packages that depend on Zitadel:

Package Downloads
Zitadel.Api

The API library for Zitadel. Implemented with gRPC, it allows access to the API of any Zitadel instance (default: https://api.zitadel.ch).

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
7.0.3 144 11/21/2024
7.0.2 696 11/13/2024
7.0.1 407 11/8/2024
7.0.0 1,118 10/28/2024
6.2.0 424 10/28/2024
6.1.4 102 10/28/2024
6.1.3 96 10/28/2024
6.1.2 44,425 1/31/2024
6.1.1 287 1/26/2024
6.1.0 695 1/26/2024
6.0.0 503 1/24/2024
5.3.3 6,190 1/10/2024
5.3.2 686 1/9/2024
5.3.1 1,967 1/3/2024
5.3.0 2,909 12/19/2023
5.2.26 12,867 10/4/2023
5.2.25 5,264 9/13/2023
5.2.24 723 9/8/2023
5.2.23 455 9/7/2023
5.2.22 396 9/7/2023
5.2.21 1,356 8/25/2023
5.2.20 1,767 8/19/2023
5.2.19 1,246 8/11/2023
5.2.18 997 8/9/2023
5.2.17 424 8/8/2023
5.2.16 2,086 7/17/2023
5.2.15 463 7/17/2023
5.2.14 615 7/11/2023
5.2.13 1,280 7/7/2023
5.2.12 529 7/5/2023
5.2.11 976 6/24/2023
5.2.10 452 6/23/2023
5.2.9 622 6/18/2023
5.2.8 7,095 5/27/2023
5.2.7 702 5/17/2023
5.2.6 591 5/9/2023
5.2.5 544 5/6/2023
5.2.4 528 5/5/2023
5.2.3 3,466 4/27/2023
5.2.2 618 4/22/2023
5.2.1 555 4/17/2023
5.2.0 690 4/14/2023
5.2.0-prerelease.3 87 4/14/2023
5.2.0-prerelease.2 86 4/14/2023
5.2.0-prerelease.1 91 4/13/2023
5.1.1 489 4/14/2023
5.1.0 506 4/13/2023
5.0.32 509 4/13/2023
5.0.31 471 4/12/2023
5.0.30 863 3/31/2023
5.0.29 570 3/26/2023
5.0.28 1,411 3/16/2023
5.0.27 586 3/15/2023
5.0.26 698 3/8/2023
5.0.25 949 3/3/2023
5.0.24 642 2/17/2023
5.0.23 557 2/16/2023
5.0.22 563 2/15/2023
5.0.21 586 2/15/2023
5.0.20 603 2/14/2023
5.0.19 622 2/10/2023
5.0.18 562 2/9/2023
5.0.17 585 2/8/2023
5.0.16 1,780 1/12/2023
5.0.15 603 1/11/2023
5.0.14 780 1/3/2023
5.0.13 693 12/16/2022
5.0.12 676 12/14/2022
5.0.11 642 12/8/2022
5.0.10 603 12/8/2022
5.0.9 695 12/3/2022
5.0.8 652 12/1/2022
5.0.7 823 11/18/2022
5.0.6 721 11/8/2022
5.0.5 772 10/27/2022
5.0.4 738 10/19/2022
5.0.3 742 10/17/2022
5.0.2 1,277 10/12/2022
5.0.1 726 10/6/2022
5.0.0 710 10/6/2022
4.0.12 753 9/30/2022
4.0.11 739 9/28/2022
4.0.10 767 9/27/2022
4.0.9 832 9/14/2022
4.0.8 837 9/2/2022
4.0.7 867 8/25/2022
4.0.6 764 8/19/2022
4.0.5 756 8/17/2022
4.0.4 756 8/10/2022
4.0.3 980 7/26/2022
4.0.2 860 7/22/2022
4.0.1 828 7/18/2022
4.0.0 802 7/18/2022
3.4.7 2,356 4/22/2022
3.4.6 1,030 4/20/2022
3.4.5 1,054 4/12/2022
3.4.4 1,048 4/1/2022
3.4.3 1,037 3/22/2022
3.4.2 1,080 3/8/2022
3.4.1 1,276 2/23/2022
3.4.0 984 2/23/2022
3.3.12 1,411 11/19/2021
3.3.11 1,041 11/8/2021
3.3.10 989 10/29/2021
3.3.9 953 10/26/2021
3.3.8 996 10/20/2021
3.3.7 1,000 10/19/2021
3.3.6 983 10/12/2021
3.3.5 1,008 10/11/2021
3.3.4 955 10/5/2021
3.3.3 1,016 9/30/2021
3.3.2 1,004 9/15/2021
3.3.1 938 9/14/2021
3.3.0 1,078 9/8/2021
3.2.3 951 9/7/2021
3.2.2 988 8/18/2021
3.2.1 961 8/13/2021
3.2.0 964 8/4/2021
3.1.8 1,094 6/22/2021
3.1.7 949 6/11/2021
3.1.6 2,876 6/8/2021
3.1.5 1,009 5/26/2021
3.1.4 877 5/25/2021
3.1.3 884 5/24/2021
3.1.2 911 5/13/2021
3.1.1 894 5/11/2021
3.1.0 949 5/7/2021
3.0.3 926 5/7/2021
3.0.2 973 5/1/2021
3.0.1 901 4/21/2021
3.0.0 905 4/16/2021
2.2.6 990 4/13/2021
2.2.5 924 4/9/2021
2.2.4 971 4/8/2021
2.2.3 986 4/6/2021
2.2.2 863 4/2/2021
2.2.1 920 4/1/2021
2.2.0 877 3/30/2021
2.1.2 1,006 3/25/2021
2.1.1 877 3/25/2021
2.1.0 678 3/25/2021
2.0.0 771 3/8/2021
1.2.0 1,034 1/14/2021
1.1.0 778 1/11/2021
1.0.0 890 12/18/2020

'## [5.2.2](https://github.com/smartive/zitadel-net/compare/v5.2.1...v5.2.2) (2023-04-22)


### Bug Fixes

* **deps:** update dependency bouncycastle.cryptography to v2.2.1 ([f5d1efd](https://github.com/smartive/zitadel-net/commit/f5d1efdcf57bcd7d47bd1f4db9916711bf57a623))



'